Posts Tagged ‘Security Auditing’

Cloud and Virtualization Security

Like it or not, more and more company IT infrastructure has been migrated from physical to “private cloud” or “public cloud” to leverage shared and highly scalable multi-tenant cloud infrastructure.

Traditional vulnerability management vendors are working to complete unified solutions capable of covering traditional infrastructure, mobile, and “cloud and virtualisation infrastructure”.

Is vulnerability assessment of the virtual the same as of the physical? The answer is yes and no. The answer is yes: you still need to audit the infrastructure, network, wireless, application, database, server, operating system, web application and so on. The answer is also no: you have to cover an additional layer, the cloud and virtualisation layer, and the potential vulnerabilities caused by the virtualisation platform vendor and their respective technologies.

A good vulnerability assessment tool is always capable of letting you configure and audit the additional layers of mobile as well as cloud/virtualization infrastructure.

From day one, E-SPIN has picked best-of-breed vendors to develop a complete product lineup that covers unified vulnerability assessment for generic use as well as special assessment tools for IT auditors, security professionals and compliance officers who need the right tools to carry out their duties.

Whether for unified vulnerability management, on premises or hosted, E-SPIN provides a truly practical choice of vulnerability management mix according to your budget and operational requirements, backed by our pre-sales solution consultants, implementation and onsite support team.

Please feel free to contact us for advice on how to choose the right vulnerability management solution according to your operational requirements. Just write in with the subject line “RFI – Vulnerability Management for Cloud Infrastructure” to sales(a)e-spincorp.com, and our assigned personnel will contact you regarding your request.


Ensure your Website Security

Is the exploitation of web vulnerabilities worth the trouble? Does it create unnecessary risks that should be avoided? Why exploit flaws anyway? This is not a black and white circumstance. Every situation is unique. But here’s what I know. The exploitation of web security flaws such as Cross-Site Scripting, SQL injection and Cross-Site request forgery is arguably the most valuable part of my assessments. Web exploitation can provide actual data, screenshots and other evidence which are great for getting management, developer and user buy-in on the issues. Otherwise, you may simply be running scans and making dangerous assumptions about what can or cannot be taken advantage of.

In many situations, all it takes is exploiting one missing web server patch, one SQL injection flaw or cracking a set of web passwords to show that problems exist in the respective areas. You may not need to exploit every flaw on every system to demonstrate what’s weak and what can happen. For certain projects, exploiting every single flaw on every single page could take too long and cost too much.

You have to ask yourself what’s really needed? What’s the ultimate goal of your security assessment? Is it to find some basic issues running basic scans or is it to completely vet a website or application and show exactly what can happen when things go awry? There is a ton of value in web exploitation…if it meshes with the overall project goals.

Vulnerability “exploitation” seems like a bad word that’s going to leak data, crash servers and cause business continuity problems but it really doesn’t have to. I’ve found that exploitation of web flaws is actually less risky than running the actual scans themselves. Interestingly, I’ve never had a problem running web exploits but automated scans have certainly created issues. Then again, unless the specific requirements call for it, I only run exploits that are not designed to create denial of service conditions. Your situation may be different.

In the end, if a web exploit (or even a scan) knocks over an application or its associated server(s), that may be a good indicator that you need to look even deeper. In the interest of minimizing problems, some people will just pretend the server or application doesn’t exist and leave it be. Sure, the problems are minimized but the security flaws are still there! Two wrongs don’t make a right.

For some people – especially IT auditors or compliance managers – exploitation of web flaws may be new territory. That’s fine. I just encourage people to really think things through when scoping web security assessment projects. Know all the facts and the possible outcomes and then dig in as deeply as possible. That’s the only way you’re going to find the flaws that matter and get people on your side to do something about them.


Vulnerability Assessment

The majority of security breaches are caused by people that already have access to the internal network. Insiders pose a potential threat to the very foundation of your network security if you do not take proper precautions. E-SPIN and the technology supplier we represent are dedicated to offering turnkey solutions based on a truly proactive approach to securing valuable assets and ensuring compliance with policies and regulations. Our solutions can be deployed immediately and are always accompanied by our well-appreciated 24/7 security expert support.

Because it is placed inside the network, the E-SPIN Vulnerability Management Appliance takes a wider approach to security breaches. Vulnerabilities can be successfully identified and managed on all servers, workstations and other devices that are available from within the network. Using the built-in workflow tools, identified vulnerabilities can easily be delegated and later verified for successful remediation. The vulnerability findings can be compared over time to monitor trends in risk exposure.

Key Features

  • Network mapping support – Automated enumeration of network components and services in order to determine appropriate scope of vulnerability assessment.

  • World-leading security technology – Based on our partner’s world-leading core vulnerability scanning technology.

  • Cross platform support – All commonly used operating systems, applications and network types can be successfully assessed.

  • Maintains network availability – Several mechanisms to minimize possible network interruptions are implemented and the user can schedule the scans with respect to individual requirements.

  • Alignment with standards – Vulnerability information is aligned with the CVE (Common Vulnerabilities and Exposures) standard for Information Security Vulnerability Names.

  • Multi-user environment – Unlimited number of users accompanied with a rich-featured permission control system and support for task assignment.

Unique Benefits

  • Scalability – Cluster support that allows for smooth extension of the number of co-working appliances as needed.

  • Information privacy – The sensitive vulnerability reports never leave your network, but reside on the HIAB appliance.

  • 24/7 technical support – Unlimited phone and email support provided by security experts.

  • Ease-of-use yet flexibility – An easy-to-use web interface. By using the standard configuration you are quickly up and running, whereas more advanced features can be used on-demand.

  • Best value for money – Competitive pricing and reduced burden on your own organization.

Contact E-SPIN for your vulnerability management requirements.

vulnerabilities threats model

Today’s high-tech network security appliances do a great job of keeping vulnerability threats from invading your business. These threats can increase the level of vulnerability, penetrate your host systems and network assets, and obtain confidential information that is then used illegally for the attackers’ own benefit.

Where do these vulnerabilities come from?

  1. USB thumb drives – The ubiquity of thumb drives has driven hackers to develop targeted malware, such as the notorious Conficker worm, that can automatically execute upon connecting with a live USB port.
  2. Hardware, laptops and netbooks – With a handy Ethernet port for tapping directly into a network, a laptop may already have malicious code running in the background that is tasked to scour the network and find additional systems to infect.
  3. Wireless access points – Wireless APs provide immediate connectivity to any user within proximity of the network and are naturally insecure, regardless of whether encryption is used or not. Protocols such as wireless encryption protocol contain known vulnerabilities that are easily compromised with attack frameworks, such as Aircrack.
  4. Smartphones and other digital devices – Phones are full-functioning computers, complete with Wi-Fi connectivity, multithreaded operating systems, high storage capacity, high-resolution cameras and vast application support. However, these devices also have the potential to elude traditional data-leak prevention solutions.
  5. E-mail – Electronic mail carries messages with confidential information that can easily be forwarded to any external target. The e-mails themselves can also carry nasty viruses, and a targeted e-mail can phish for access credentials from an employee. These stolen credentials would then be leveraged in a second-stage attack.

What can I do to combat these vulnerability threats?

To combat these harmful, dangerous potential vulnerability threats, E-SPIN offers a comprehensive portfolio of Vulnerability Management, Risk Assessment and Compliance Assurance Solutions (http://www.e-spincorp.com/espinv3/index.php/solutions) to automate the process of vulnerability management and policy compliance across the enterprise, keeping your host systems and network assets safe and secure from these threats by:

  • Providing network and network security devices to secure laptops, netbooks, USB devices or any other digital devices
  • Server and system, OS, web application
  • Database and wireless access point
  • Mobile device discovery for smart phones and other digital devices.
  • Mapping, asset prioritization, vulnerability assessment reporting and remediation tracking according to business risk
  • Policy compliance allows auditing, enforcing and documenting compliance with internal security policies and external regulations.

What do E-SPIN’s solutions offer, and what are its specialties?

  • Vulnerability Management, Vulnerability Assessment, Security Audit, Penetration Testing, Network Assessment, Network Device Audit, Web Application Audit, Database Security Audit, Wireless Network Assessment, Mobile Device Security Audit, Exploitation Management and Testing, Vulnerability Reporting
  • Automating Vulnerability Management, Enforcing IT Policy Compliance, in-depth and comprehensive reporting, best-of-breed industry de facto solutions, maintaining regulatory compliance, Automated and Advanced Exploitation Testing.
